virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-29 22:00:58 +02:00
Code Issues Releases Activity
93,549 Commits 37 Branches 400 Tags
Commit Graph

93549 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
2edb753825 avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() 
Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff
Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
893c4f1151 avformat/matroskadec: Fix infinite loop with bz decompression 
The same check is added to zlib too, it seems not needed there though

Fixes: Infinite loop
Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c3d2cbb510674226b0c8fa6b146bf891f83786c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
423a3b685f avformat/mov: Check size before subtraction 
Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long'
Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8d9d506a3de976b647bcbb8f76c7b8d30eff576)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
210b4b9871 avcodec/apedec: Fix integer overflows in predictor_update_3930() 
Fixes: signed integer overflow: 1074134419 - -1075212485 cannot be represented in type 'int'
Fixes: 43273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4706880883130368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c9c9bbd01bd82c35b6a908592d9dd6d9f4bd4a0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
254ebed4d5 avcodec/apedec: fix integer overflow in 8bit samples 
Fixes: signed integer overflow: 2147483542 + 128 cannot be represented in type 'int'
Fixes: 42812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6344057861832704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cee3b37187dbf61dbebff023f07ceedfc0129bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
a5b213a89e avformat/flvdec: timestamps cannot use the full int64 range 
We do not support this as we multiply by 1000
Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long'
Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c217ca7718c8e24905d7ba9ede719ae040899476)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
7caa166ac3 avcodec/vqavideo: reset accounting on error 
Fixes: Timeout (same growing chunk is decoded to failure repeatedly)
Fixes: 42582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6531195591065600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8ea7a67ba62f5d4520e75e56b9954d80e7ff223)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
e546e9c5b4 avcodec/alacdsp: fix integer overflow in decorrelate_stereo() 
Fixes: signed integer overflow: -16777216 * 131 cannot be represented in type 'int'
Fixes: 23835/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5669943160078336
Fixes: 41101/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4636330705944576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68457c1e85122ffcadb0c909070dd210095fd2cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
0e6f3166ce avformat/4xm: Check for duplicate track ids 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd949124793c722ed55dead9da245574ace81968)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
ea318a1fcd avformat/4xm: Consider max_streams on reallocating tracks array 
Fixes: OOM
Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0dcd95ef8a2e16ed930296567ab1044e33602a34)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
f80d5425ae avformat/mov: Check next offset in mov_read_dref() 
Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long'
Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 562021e2fd4d74589905d9c566c686394d2b0526)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
f433faed1e avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() 
Fixes: memleak
Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f44a218e53cd92e64ba10a935bc1e7583c3e218)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
531eeb81ce avcodec/apedec: Change avg to uint32_t 
Fixes: Integer overflow
Fixes: 40973/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6739312704618496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ec75723a484405eb2f2ec2f9e58161b168ed8b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
b4392d045e avformat/mov: Disallow duplicate smdm 
Fixes: memleak
Fixes: 39879/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5327819907923968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5ba74053c1ef9f38d9e7b3a036675f06d2b2714)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
0d8300a960 avformat/mov: Check for EOF in mov_read_glbl() 
Fixes: Infinite loop
Fixes: 41351/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5433895854669824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 59b4e7cbd87889c0bac710ac7f62782b637419a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
12d125e787 avformat/mov: Check channels for mov_parse_stsd_audio() 
Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long'
Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a64a4c58255d45e05eff80c9464ad3bdc2d6463)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
0afc4fb2e9 avformat/avidec: Check read_odml_index() for failure 
Fixes: Timeout
Fixes: 40950/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6478873068437504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 57adb26d058490daf2c5d6ddd3cf0cf2d2212256)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
9a44dc209b avformat/aiffdec: Use av_rescale() for bitrate 
Fixes: integer overflow
Fixes: 40313/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4814761406103552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 905588df975071c03c00b2e923c311b4de65a8f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
8876c70ee8 avformat/aiffdec: sanity check block_align 
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93f7776921ed8c5219732210067016c3457e864d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
078bbcde0e avformat/aiffdec: Check sample_rate 
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b04836dff9958e8bfdbed2746b8c40b1e119ecc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Paul B Mahol
d5cb859665 avfilter/vf_gblur: fix heap-buffer overflow 
Fixes #8282

(cherry picked from commit 64a805883d7223c868a683f0030837d859edd2ab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Paul B Mahol
439645004b avfilter/vf_lenscorrection: fix division by zero 
Fixes #8265

(cherry picked from commit 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
James Almer
6fe33489be avformat/latmenc: abort if no extradata is available 
Fixes ticket #8273.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit dd01947397b98e94c3f2a79d5820aaf4594f4d3b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
d38c8064d4 avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() 
Fixes: Ticket8176

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Paul B Mahol
97ee4a451b avformat/tty: add probe function 
(cherry picked from commit 3bce9e9b3ea35c54bacccc793d7da99ea5157532)
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
422cec5088 avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE 
Fixes: out if array read
Fixes: 40109/clusterfuzz-testcase-minimized-ffmpeg_dem_FLAC_fuzzer-4805686811295744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Mattias Wadman <mattias.wadman@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
f3f575e395 avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() 
Fixes: signed integer overflow: 822841647 + 1647055738 cannot be represented in type 'int'
Fixes: 39935/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-4592657142251520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f24028c798397af720acb838357785aa705a8122)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
Michael Niedermayer
fbdeea9102 avutil/mathematics: Document av_rescale_rnd() behavior on non int64 results 
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e154353fdb73dc1b3c1519350244d5346f761850)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-04-09 22:19:40 +02:00
James Almer
746f3fc165 fate: update reference files after the recent dash manifest muxer changes 
Missed in 487b49d8f2e1e81dce86230fc957ca2ee9de00ee.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit aa0829d834232b13e513fb88b2b9a2b74918e05c)
 2022-04-08 16:12:03 -03:00
James Almer
ad26796f4e avformat/webmdashenc: fix on-demand profile string 
Fixes ticket #9596

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 487b49d8f2e1e81dce86230fc957ca2ee9de00ee)
 2022-04-08 00:16:08 -03:00
Andreas Rheinhardt
aa3b2c3883 configure: Add missing libshine->mpegaudioheader dependency 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit e228d7b0db7d6cb02a73bee6d3bf4f6ecf92d0bf)
 2022-01-06 08:49:01 +01:00
Andreas Rheinhardt
010281ed23 avformat/mpegenc: Ensure packet queue stays valid 
The MPEG-PS muxer uses a custom queue of custom packets. To keep track
of it, it has a pointer (named predecode_packet) to the head of the
queue and a pointer to where the next packet is to be added (it points
to the next-pointer of the last element of the queue); furthermore,
there is also a pointer that points into the queue (called premux_packet).

The exact behaviour was as follows: If premux_packet was NULL when a
packet is received, it is taken to mean that the old queue is empty and
a new queue is started. premux_packet will point to the head of said
queue and the next_packet-pointer points to its next pointer. If
predecode_packet is NULL, it will also made to point to the newly
allocated element.

But if premux_packet is NULL and predecode_packet is not, then there
will be two queues with head elements premux_packet and
predecode_packet. Yet only elements reachable from predecode_packet are
ever freed, so the premux_packet queue leaks.
Worse yet, when the predecode_packet queue will be eventually exhausted,
predecode_packet will be made to point into the other queue and when
predecode_packet will be freed, the next pointer of the preceding
element of the queue will still point to the element just freed. This
element might very well be still reachable from premux_packet which
leads to use-after-frees lateron. This happened in the tickets mentioned
below.

Fix this by never creating two queues in the first place by checking for
predecode_packet to know whether the queue is empty. If premux_packet is
NULL, then it is set to the newly allocated element of the queue.

Fixes tickets #6887, #8188 and #8266.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit cfce16449cb815132f829d5a07beb138dfb2cba6)
 2021-10-19 19:05:16 -03:00
Andreas Rheinhardt
f7c9b1ed56 avformat/movenc: Fix segfault when remuxing rtp hint stream 
When remuxing an rtp hint stream (or any stream with the tag "rtp "),
the mov muxer treats this as one of the rtp hint tracks it creates
internally when ordered to do so; yet this track lacks the
AVFormatContext for the hinting rtp muxer, leading to segfaults in
mov_write_udta_sdp() if a "trak" atom is written for this stream; if not,
the stream's codecpar is freed by mov_free() as if the mov muxer owned
it (it does for the internally created "rtp " tracks), but without
resetting st->codecpar, leading to double-frees lateron. This commit
therefore ignores said tag which makes rtp hint streams unremuxable.

This fixes tickets #8181 and #8186.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 22c3cd176079dd104ec7610ead697235b04396f1)
 2021-10-19 19:03:19 -03:00
Baptiste Coudurier
3c4e1a56e3 avformat/mxfenc: fix index byte count in partition header 2021-10-19 19:01:36 -03:00
Michael Niedermayer
a5d2008e2a Changelog: update 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n4.1.8 		2021-10-17 19:42:14 +02:00
Lynne
d7bd4f73a7 configure: update copyright year 
(cherry picked from commit 63505fc60a8031ebea824a3e78a07b73c6dc049f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Michael Niedermayer
9d8945bd49 avformat/wavdec: Check smv_block_size 
Fixes: Timeout
Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 849138f476f4b08656681bfc3aec5beac47777fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Michael Niedermayer
770b4de8d1 avformat/rmdec: Check for multiple audio_stream_info 
Fixes: memleak
Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fe3566b8fdf4bcf5eed419c1aab6eb848287ff3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Michael Niedermayer
3c81d7025e avcodec/apedec: Use 64bit to avoid overflow 
Fixes: runtime error: signed integer overflow: 727298502 * 3 cannot be represented in type 'int'
Fixes: 39172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-638602483033702

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f059b56195da9c0e2c11a5f7f357a3d6101e6bf0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Michael Niedermayer
9236882745 avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830() 
Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad517ee6e44f093e28021ffd51c7eb2e1394b1a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Michael Niedermayer
186222fa56 oavformat/avidec: Check offset in odml 
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Michael Niedermayer
e295b5f3d3 avformat/mpegts: use actually read packet size in mpegts_resync special case 
Fixes: infinite loop
Fixes: 37986/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5292311517462528 -

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 83b2e4c8f15a00f037040131e26e20de83f0d842)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-16 21:19:24 +02:00
Timo Rothenpieler
0699b0836d avfilter/scale_npp: fix non-aligned output frame dimensions 2021-10-07 18:31:41 +02:00
Michael Niedermayer
ef2efaa78b Update for 4.1.8 2021-10-06 13:43:40 +02:00
Michael Niedermayer
ff48f4aad7 swscale/alphablend: Fix slice handling 
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06d67265881249566f385309e2fb5a9449720b6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-06 12:06:15 +02:00
Michael Niedermayer
c59e2d2f03 avcodec/mxpegdec: Check for AVDISCARD_ALL 
Fixes: Fixes NULL pointer dereference
Fixes: 36610/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6052641783283712
Fixes: 37907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-4725170850365440
Fixes: 37904/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-6367889262247936
Fixes: 38085/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MXPEG_fuzzer-5175270823297024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 20afd3a63a75a160f61a98a8dcfe06f527ea19b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-06 12:06:15 +02:00
Michael Niedermayer
800e7d83e8 avcodec/flicvideo: Check remaining bytes in FLI*COPY 
Fixes: Timeout
Fixes: 37795/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4846536543043584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f835efbca874ad42cb954e6788588f52a57a7a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-06 12:06:15 +02:00
Michael Niedermayer
512a132e4c avcodec/cbs_h265_syntax_template: Limit sps_num_palette_predictor_initializer_minus1 to 127 
Fixes: index 128 out of bounds for type 'uint16_t [128]'
Fixes: 38651/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-6296416058736640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85413a5ae6948a1d6e4e947a4fca984b8c686016)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-06 12:06:15 +02:00
Michael Niedermayer
448e9ce5e5 avcodec/mpeg12dec: Do not put mpeg_f_code into an invalid state on error return 
Fixes: invalid shift
Fixes: 37018/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-5290280902328320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a95abcce4d93f979e4b53f2220f7a54edd03312)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-06 12:06:15 +02:00
Michael Niedermayer
552430993d avcodec/mpegvideo_enc: Limit bitrate tolerance to the representable 
Fixes: error: 1.66789e+11 is outside the range of representable values of type 'int'
Fixes: Ticket8201

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 245017ec8a87d6e4c764d06afeca37100b980d85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2021-10-06 12:06:15 +02:00